MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e238f0120f34d1b86f4afe460e84978a3091d7149b4b24bd9b36aaff4cb6e209. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: AveMariaRAT
Vendor detections: 3

SHA256 hash: e238f0120f34d1b86f4afe460e84978a3091d7149b4b24bd9b36aaff4cb6e209
SHA3-384 hash: 4bdae14a85f3ac6e494ec5c95f4b2f3c55776537c8a9e01ac20c2e5f18941505b008d3869da500961abed4c6faba3892
SHA1 hash: 04cc999e3546208f3f7f30171e334bda4528e909
MD5 hash: 9602f1952dd091c019ba2e4610fcf4f8
humanhash: jig-artist-comet-utah
File name: HANG08.Xls.zip
Signature: AveMariaRAT
File size: 236'487 bytes
First seen: 2020-06-11 05:35:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:1+pHl9KbGJOwWB7Bl1c7wa0LLAyH0AHLLxriycz:1+j9aGJYDWILL9H0ArLxr2z
TLSH: 513423238DD5D4FEF9D038329EDD12C6A685B8A0C4D513786279832FEF6A9244B6035F
Reporter: abuse_ch
Tags: AveMariaRAT RAT zip


abuse_ch
Malspam distributing AveMariaRAT:

HELO: standfordgroups.com
Sending IP: 62.173.142.172
From: douglas@hiiglobal.net <douglas@hiiglobal.net>
Subject: Quote/Offer/Samples
Attachment: HANG08.Xls.zip (contains "HANG08.Xls.exe")

AveMariaRAT C2:
216.38.2.212:5200

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Ransomware.WannaCry
Status: Malicious
First seen: 2020-06-11 05:37:05 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam > AveMariaRAT > zip e238f0120f34d1b86f4afe460e84978a3091d7149b4b24bd9b36aaff4cb6e209 (this sample)
Dropping: AveMariaRAT
Delivery method: Distributed via e-mail attachment